Author Archives: admin

Top 10 Secret Tips Of Social Engineering In 2020

Category : Uncategorized


Have you ever wondered how hackers steal confidential data such as online account credentials or banking details without hacking into your system? Social engineering is a very popular way for hackers to steal sensitive information, and they keep evolving the technique to trick people.

Almost 62% of companies face social engineering attacks. Many companies now work from home, and hackers trick employees and steal sensitive data using social engineering. Social engineering attacks have increased sharply in recent times, and hackers are adopting new techniques to trick people.

So What Is Social Engineering?

Social engineering is a technique for manipulating people into giving up confidential information. The types of information sought can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or into letting them access your computer to secretly install malicious software that will give them your passwords and bank information as well as control over your computer. This is a non-technical technique used by hackers to collect sensitive data from a person. Hackers use different social engineering techniques and keep evolving them. They can get to your data without touching your keyboard or having physical access to your system.

To protect personal or company systems, a cyber security professional must think like a hacker and understand how hackers use social engineering attacks to get sensitive data from a person.

Here are the 10 social engineering tips hackers use

1. Email From A Friend

People hardly ever check the genuineness of a mail that comes from a friend, or looks like it comes from a friend. Hackers take advantage of this and send malicious links in a mail or ask the user for sensitive information. If a criminal manages to hack or socially engineer one person’s email password, they can easily get access to that person’s contact list. Most people use one password almost everywhere, which makes it easy for hackers to get access to that person’s social networking contacts as well. Once hackers control the email account, they send emails to everyone on the person’s contact list. These emails contain malicious links or links to phishing websites to collect more sensitive data from the person’s contacts. The mail can also contain a download of pictures, music, a movie, or a document with malicious software embedded. If you download it, which you are likely to do since you think it is from your friend, you become infected by malware. The cyber criminal can then easily access your machine, email account, social network accounts, and contacts, and the attack spreads to everyone you know. And on, and on.


2. Email From A Trusted Source

Hackers send phishing links using social engineering strategies that imitate a trusted source. They use a compelling story or pretext to get sensitive data from a user. A phisher sends an e-mail, IM, comment, or text message that appears to come from a legitimate, popular bank, school, or institution. They present a problem that requires you to “verify” your information by clicking on the displayed link and providing information in their form. The link location may look very legitimate, with all the right logos and content. This type of mail looks like it comes from banks or other financial institutions. Hackers sometimes pose as a boss or coworker. The mail may ask for an update on an important, proprietary project your company is currently working on, for payment information pertaining to a company credit card, or make some other inquiry masquerading as day-to-day business. Hackers typically send this type of mail to employees of a targeted company to steal sensitive information. These mails look legitimate, so hackers can easily get the information they need.

3. Mail From A Trusted Person

In this type of social engineering attack, hackers send the user a mail that looks like it comes from a trusted source, and they copy the official mail ID. This type of mail contains phishing links that send the user to a phishing website. Hackers copy the original website and trick users into sharing sensitive information.


4. Baiting Scenarios

Hackers know what kinds of things people want, and they target people accordingly. They offer download links for the latest movies or music. This type of link is also found on social networking sites, on malicious websites people find through search results, and so on. The scheme may also show up as an amazingly great deal on classified sites, auction sites, etc. To allay your suspicion, the seller appears to have a good rating, which comes from a planned and crafted profile. People who take this bait get infected by malicious software, and hackers steal sensitive information.

5. Offering Services From Trusted Companies

Hackers offer services like fixing your computer or helping you with banking. They pick big companies, such as computer service companies or banks. They call people and offer free service. They ask you to update software through a link they send you, or to install software so they can fix your computer problem. When the user installs this software, it gives the hackers remote access. The hackers also tell the user to enter commands or to authenticate them. They use this trick to steal sensitive information and create a backdoor, so they can get access any time they want.


6. Promotional Offers

Hackers sometimes send users promotional mails that offer great results from a product. They craft the mail so that people will click on the link. This type of link is also found in search results. People readily click this type of link when they are offered deals. Hackers use this social engineering method to trick people.

7. Texting Users

Hackers sometimes trick users by simply sending them text messages. Here’s how the manipulative scheme works. Hackers send the target a text message instructing them to log in to their online account. The message points out that this is required to accept the new terms of service or to confirm that their personal details are up to date. It emphasizes that the matter is urgent and that they need to complete the task. When the user clicks on the link and types in the credentials, hackers get all the information and can easily hack the online accounts.


8. Using Fake Email

Hackers first gather information such as the company’s official email ID and its employees’ mail IDs. Then they send mails to other employees from a copied mail ID. With this technique, hackers mail employees who work at a targeted company to get sensitive information from them.

9. Lottery Winning Mail

In this social engineering attack, hackers send people mail about winning a lottery. The mail tricks users into giving up sensitive information. In order to give you your ‘winnings’, you have to provide information about your bank account so they know how to send it to you, or give your address and phone number so they can send the prize, and you may also be asked to prove who you are, often including your identification details. These are the ‘greed phishes’ where, even if the story pretext is thin, people want what is offered and fall for it by giving away their information, then have their bank account emptied and their identity stolen.

10. Creating Phishing Link Of A Keyword

Hackers create phishing websites for particular keywords. It is really hard to rank for a keyword, but there are many keywords that are actually easy to rank for and have a decent amount of traffic. Hackers take advantage of this and create phishing websites to steal sensitive information from users.
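
A defensive check for the copied mail IDs described in items 3 and 8, as an added example that is not part of the original post: it parses From: headers and flags sender domains that imitate a trusted one. The trusted domains and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the organisation really sends mail from (constructed values).
TRUSTED_DOMAINS = ("example.com", "examplebank.com")

# Character swaps that make a copied address read like the original at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Fold look-alike characters so 'examp1e.com' and 'exarnple.com' match 'example.com'."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, used to catch swapped, missing or extra letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, imitated_trusted_domain_or_None) for one From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        # Same domain once look-alike characters are folded (1 for l, rn for m).
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", trusted)
        # Trusted name used as a prefix of an unrelated domain.
        if domain.startswith(trusted + "."):
            return ("lookalike", trusted)
        # One or two typos away from the trusted domain.
        if edit_distance(domain, trusted) <= 2:
            return ("lookalike", trusted)
    # Display name carries the trusted brand while the address is elsewhere.
    name = display.lower().replace(" ", "")
    for trusted in sorted(TRUSTED_DOMAINS, key=len, reverse=True):
        if trusted.split(".")[0] in name:
            return ("display-name-mismatch", trusted)
    return ("external", None)


# Constructed sample headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Accounts <accounts@example.com>",
    "Accounts <accounts@examp1e.com>",
    "IT Helpdesk <helpdesk@exarnple.com>",
    "Director <director@exampel.com>",
    "Alerts <alerts@example.com.login.test>",
    '"Example Bank Support" <support@secure-mail.test>',
    "Newsletter <news@unrelated.test>",
]


def flag_suspicious(headers):
    """Return (header, verdict, imitated_domain) for every header worth a closer look."""
    flagged = []
    for header in headers:
        verdict, imitated = classify_sender(header)
        if verdict in ("lookalike", "display-name-mismatch"):
            flagged.append((header, verdict, imitated))
    return flagged


if __name__ == "__main__":
    for header, verdict, imitated in flag_suspicious(SAMPLE_HEADERS):
        print(f"{verdict:22} imitates {imitated:16} {header}")
```

This only catches look-alike addresses; a message that forges the exact trusted domain has to be caught by SPF, DKIM and DMARC checks on the receiving mail server.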


GDPR - ICSS

How to write a GDPR data privacy notice in 2020

Category : Blog

The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used.

If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the form of a data privacy statement or privacy notice.

But what is a data privacy notice, and what should it contain? This post explains everything you need to know.

What is a privacy notice?

 

A GDPR privacy notice is an important way to help your customers make informed decisions about the data you collect and use. We’ve brought together some information from the law itself and from the EU’s guidance documents to help you understand the components of a good privacy notice. And at the bottom, we’ve included a privacy notice template that you can adapt to your own organization.

A privacy notice is a document that organisations give to individuals to explain how their personal data is processed.There are two reasons for doing this. First, it ensures that you’re as transparent as possible with data subjects. This prevents any confusion about the way personal data is being used and ensures a level of trust between the organisation and the individual.

Second, it gives individuals more control over the way their data is collected and used. If there’s something the data subject isn’t happy with, they can query it via a DSAR and potentially ask the organisation to suspend that processing activity.

How to write a privacy notice?

 

1) Contact details

The first thing to include in your privacy notice is the name, address, email address and telephone number of your organisation.

If you’ve appointed a DPO (data protection officer) or EU representative, you should also include their contact details.

 

2) The types of personal data you process

The definition of personal data is a lot broader than you might think.

Ensure you include everything that you’re collecting and do so as specifically as possible.

For example, instead of just saying ‘financial information’, state whether it’s account numbers, credit card numbers, etc.

You should also outline where you obtained the information if it wasn’t provided by the data subject directly.

3) Lawful basis for processing personal data

Under the GDPR, organisations can only process personal data if there is a lawful basis for doing so. Your privacy policy should specify which one you’re relying on for each processing purpose.

Additionally, if you are relying on legitimate interests, you must describe them. If you’re relying on consent, you should state that it can be withdrawn at any time.

4) How you process personal data?

You must explain whether you will be sharing the personal data you collect with any third parties.

We suggest also specifying how you will protect shared data, particularly when the third party is based outside the EU.

5) How long you’ll be keeping their data?

The GDPR states that you can only retain personal data for as long as the legal basis for processing is applicable. In most cases, that will be easy to determine. For example, data processed to fulfill contracts should be stored for as long as the organisation performs the task to which the contract applies.

Likewise, organisations that process data on the grounds of a legal obligation, public task or vital interest should hold on to the data while those processing activities are relevant.

Things are trickier with consent and legitimate interests, as there is no clear point at which they’re no longer valid.

As such, we recommend reviewing any processing that involves these lawful bases at least every two years.

6) Data subject rights

 

The GDPR gives individuals eight data subject rights, which you should list and explain in your privacy notice:

  • Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
  • Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
  • Right of portability: individuals can request that an organisation transfer any data that it holds on them to another company.
  • Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data that’s stored on them.
  • Right to restrict processing: individuals can request that an organisation limits the way it uses personal data.
  • Right to be informed: organisations must tell individuals what data of theirs is being collected, how it’s being used, how long it will be kept, and whether it will be shared with any third parties.
  • Rights related to automated decision making including profiling: individuals can ask organisations to provide a copy of their automated processing activities if they believe the data is being processed unlawfully.

You should also remind individuals that they are free to exercise their rights and explain how they can do this.

 

Is privacy notice the same as a privacy policy?

A privacy notice is a publicly accessible document produced for data subjects. By contrast, a privacy policy is an internal document that explains the organisation’s obligations and practices for meeting the GDPR’s requirements.

Although they cover many of the same topics, privacy notices aren’t to be confused with privacy policies.

 

 

Why you need a privacy notice?

Privacy notices are a legal requirement under the GDPR and ensure that individuals are aware of the way their personal data is processed. However, they can also benefit organisations in several ways.

For one, privacy policies provide documented proof of your data processing activities. This helps you justify your processing if someone lodges a complaint with their supervisory authority.

Privacy policies can also help you win business, as they prove that you take information security seriously.

Writing your privacy notice

In general, privacy policies should be written in the active voice and avoid unnecessary legalese and technical terminology.

This is particularly important when you are processing children’s personal data, as there are many concepts that you’ll have to explain in more detail.

Your privacy policy must be written in clear and simple language that data subjects can easily understand.

Likewise, you should avoid qualifiers such as ‘may’, ‘might’, ‘some’ and ‘often’, as they are purposefully vague. Saying you ‘may’ do something doesn’t help the data subject work out under what circumstances it will happen.

Finally, the policy should be free of charge and easily accessible; don’t hide it in a link at the bottom of a form where few people are likely to see it.

You should instead provide the policy to them in writing or link to it when asking for their personal data.

When should you provide a GDPR privacy notice?

The GDPR explains that data controllers must provide a privacy notice whenever they obtain data subjects’ personal information. The easiest way to provide a privacy notice is to post it on your website and link to it whenever appropriate.

If you don’t have a website, you should make a physical copy of your privacy policy available.

The only times this isn’t necessary are when:

  • The data subject already has the information provided in the privacy notice;
  • It would be impossible or involve a disproportionate effort to provide such information;
  • The organisation is legally obliged to obtain the information; or
  • The personal data must remain confidential, subject to an obligation of professional secrecy.

When an organisation obtains personal information from a third party, it must provide a privacy notice within a month. This should be done the first time the organisation communicates with the data subject or when the personal data is first shared with another recipient.

 

 


Top Data Breaches in February, March & April 2020

Category : Blog

Top Data Breaches in Review: February, March & April 2020

 

Many companies have faced data breaches in recent times. Different sectors, such as the IT sector, the healthcare sector and the public sector, have reported data breaches.

Companies commonly store and use sensitive user data. These data-storing companies are hackers’ favorite targets, and they now face more cyber attacks. Major cyber attacks also lead to data breaches, in which millions of users’ data are leaked online. This puts user privacy at risk. Sometimes user data is sold on the dark web or simply leaked online.

 


 

Many companies face cyber attacks because they don’t maintain their cyber security. Many companies don’t have cyber security professionals who can manage IT security. Small companies are also a favorite target of hackers because they don’t maintain their cyber security. They don’t have any cyber security infrastructure, so they are easy to hack.

In this article we will show the recent data breaches in February, March and April.

 

 

 

Data Breach In February:

The number of data records compromised in February is 632,595,960. In this month many companies’ data got hacked, and the hackers shared the data on the web. Some of the biggest data breaches are Estee Lauder (400 million), Tetrad (120 million), Pabbly (51.2 million), MGM Resorts (10.6 million) and Likud Party (6.54 million).

In this month companies faced almost 25 ransomware attacks, 18 data leaks caused by internal error, and 24 cyber attacks. The most breached sectors are healthcare, which has 22 data breaches, education, which has 22 data breaches, and the public sector, which has 19 data breaches.

Data Breach In March:

The number of data breaches in March is almost 105. The number of data records compromised is 832,486,418. In this month many companies’ data got hacked, and the hackers shared the data on the web. Some of the biggest data breaches are Weibo (538 million), an unknown database of US homeowners (201 million), Antheus Technologies (81.5 million), the Dutch Government (6.9 million) and Prop Tiger (2.1 million). The most breached sectors are healthcare, which has 16 breaches, education, which has 11 breaches, and the public sector, which has 9 breaches. This month companies faced 10 ransomware attacks, 6 internal errors and 5 other cyber attacks.

Data Breach In April:

The number of data breaches in March is almost 49. The number of data records compromised is 216,141,421. In this month many companies’ data got hacked, and the hackers shared the data on the web. Some of the biggest data breaches are Zoom (500,000), Email.it (600,000), Quidd (4 million) and Maropost (95 million). The most breached sectors are healthcare, which has 11 breaches, professional services, which has 11 breaches, and the public sector, which has 9 breaches. This month companies faced 12 ransomware attacks, 9 internal errors and 19 other cyber attacks.

 


Xiaomi sending user data to its server – A privacy concern for users

Category : Blog


 

Xiaomi, one of the most famous mobile manufacturers in India, is sending browsing data to its servers. Xiaomi collects users’ phone habits and the queries they search for in Xiaomi’s default browser.

According to a cyber security professional, Xiaomi records all search data and items viewed in its default browser and the Mint browser.

The researcher claims that Xiaomi collects insane amounts of data, and that it tracks incognito mode as well.

The researcher confirmed this on some other Xiaomi phones, including the Mi 10, Redmi K20, and Mi Mix 3.

After this report, Xiaomi responded and confirmed that it collects browsing data. However, it said the data is anonymized and users have consented to the data tracking. It denied the claim of monitoring incognito mode.

But the researcher was able to prove in a video that Xiaomi is recording incognito mode data as well.

When researchers showed this with proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies”.

But the question is whether the information tracked in the browser is really anonymous.

The researcher says the information tracked in the browser is compiled with the phone’s “metadata” collected by Xiaomi, which can easily identify a single person. That means the data sent to the servers can be easily correlated with a specific user.

The researcher also claims that Xiaomi collects data through its official apps. The apps’ data is collected by SensorDataAPI, a startup known for tracking users.

Xiaomi says the data collected by Sensor Analytics remains anonymous and is stored on Xiaomi’s own servers.

In an official blog post, Xiaomi claims that the data collection is aggregated and based on user consent.

In 2014 the mobile manufacturer was found sending users’ personal data, including IMEI numbers, phone numbers and text messages, to a web server in China.

This was reported in 2014. A Taiwan cybersecurity researcher raised the issue in a report. The issue was raised in India, Singapore, and Taiwan.

The cybersecurity researcher also claims that he found a zero-day vulnerability in the Xiaomi website, through which he was able to access many Xiaomi users’ data. He also found server logs and the Mi account usernames, emails, and passwords of millions of Xiaomi users.

Xiaomi later investigated the data breach and the accusations made by the researcher, and posted a report about the vulnerability the researcher raised.

They said they had verified that the zero-day data breach allegation made by the security researcher is false. The file containing the information was their old website forum data. The information became obsolete when they launched the Xiaomi account integrated system in 2012.

Xiaomi also says they are moving their data center in India due to performance and privacy considerations.

So using a Xiaomi phone is a privacy concern for cyber security experts. Many Internet companies collect users’ data to improve their services and products.

If a data breach happens, many users’ data will be exposed. So maintaining cyber security is very important for these companies.

 


Why Cyber security is important during the COVID 19 pandemic

Category : Blog

 

In this lockdown, many people are working and learning from home. The world is moving online at an unprecedented rate, and cyber attacks have also increased for this reason.

Cybercriminals take advantage of this situation and now they try different methods. Phishing and scamming increased in recent times. Many online platforms also face cyber attacks. Hackers now try to hack online apps that are used in online meetings. Many companies now work from home and so there’s a shortage of security. Hackers now take advantage of these situations.

So at this time, cybersecurity is very important. Many companies now work online and it also increases the threat of cyber attacks.

Cybersecurity is very important right now. So companies should be aware of this type of attack.

 

 


 

 

 

Spam Mail : 

At this time many employees are getting too much spam mail. Many email providers have a spam filter that can easily find the spam mail, but some companies use their own mail server.

So companies should check their mail server security. It will help them to protect their mail server from any type of cyber attack.

 

 


 

 

Phishing Attack :

In recent times phishing attacks have increased a great deal. Many people get phishing links by email. These phishing links sometimes look genuine, and people click on them. The links redirect to websites that host malware or that trick people into giving up sensitive data.

Employees need to check any link that does not come from a trusted source. This type of phishing link can trick people easily.

 

 


 

 

Social Engineering :

This is the most common attack hackers use to steal sensitive data. Hackers use different types of social engineering methods to trick people.

Because many people are under pressure and work remotely, this type of trick can harm companies’ data. So companies should make their employees aware that they need to check before sharing any sensitive data.

 

Unencrypted Connection

Sensitive data can be stolen over any unencrypted connection. Companies need to ensure that when employees access their data remotely, their connection is secure and encrypted.

If the connection is not secure, hackers can use a man-in-the-middle (MITM) attack to steal sensitive data. So companies should use an encrypted connection.

 

Accessing Third-Party Apps :

Many companies work remotely right now, so many of them hold their meetings and conferences online. Many companies have their own infrastructure, but many use third-party apps.

Hackers now try to exploit these apps to hack into the system. When companies use third-party apps, they must ensure the apps are secure. If they find that an app is vulnerable, they must use the latest version of the app or find an alternative to it.

These are some security measures you can check to ensure your company’s cybersecurity. You can also use a VAPT service, which can find vulnerabilities in your network, web app, or Android apps.

This type of vulnerability testing is done by industry experts. They can help you find the vulnerabilities in your IT infrastructure, so you can fix the problems and secure your company from any type of cyber attack.

 


Top 10 Biggest Data Breaches of the 21st Century


 

Data breaches are now very common. The 21st century is a data-driven age, and it is common for companies to store and use sensitive user data. Companies that store this data are a favorite target for hackers, and they now face more cyber attacks.

A major cyber attack often leads to a data breach in which the data of millions of users is leaked online. This puts user privacy at risk. Sometimes user data is sold on the dark web or simply leaked online.

The main reason for a data breach is that companies don’t take cybersecurity seriously. They don’t check and measure their IT security. Hackers always try to find vulnerabilities and hack into their systems. Whether a company is small or big, hackers always try to hack into its systems to get sensitive data.

Here we will take a look at the biggest data breaches of the 21st century.

 


 

Adobe – 

Date: October 2013

In this data breach, 153 million user records were leaked. As reported in early October of 2013 by security blogger Brian Krebs, Adobe originally reported that hackers had stolen nearly 3 million encrypted customer login data and credit card data for an undetermined number of user accounts.

The security researcher reported that a file posted includes more than 150 million usernames and hashed password pairs of Adobe users. Weeks of research showed that the hack had also exposed customer names, IDs, passwords, and debit and credit card information.

eBay – 

Date: May 2014

 

The data of 145 million eBay users was leaked in this data breach. eBay reported that an attack exposed its entire account list of 145 million users in May 2014, including names, addresses, dates of birth and encrypted passwords.

The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days, which is enough time to compromise the user database.

 

MySpace –

Date: May 2016

360 million accounts were affected in this data breach. MySpace was the leading social media platform before the emergence of Facebook. But it was not concerned about its data security, and the company never really took user data seriously. MySpace pages can be hacked and users can embed whatever content they desire.

An investigation by independent security researchers suggested that the breach occurred sometime in the mid-2000s. In 2016, a Russian hacker going by the nickname Peace put the MySpace data of more than 360 million accounts on sale.

 

Marriott –

Date: November 2018

Marriott is one of the hotel chains whose data was hacked and leaked online. Marriott said in November 2018 that hackers had stolen the personal information of more than 500 million guests who had booked rooms or stayed at properties run by its Starwood subsidiary.

The data breach began in 2014, about two years before Marriott acquired Starwood Hotels, and continued through much of 2018. The stolen details included names, street addresses, emails, passport numbers, genders, and dates of birth of more than 500 million customers.

 

Yahoo – 

Date: August 2013

This is by far the biggest data breach in the history of the Internet. In August 2013, unidentified hackers broke into Yahoo servers to steal the data of more than 3 billion users. It means every single account on Yahoo, Tumblr, Flickr, and other Yahoo-owned properties was compromised. But Yahoo reported the security breach only in 2016. The company also revealed that another hack conducted by “a state-sponsored actor” in late 2014 compromised the data of 500 million users. The US government indicted Russian hackers for the 2014 data breach.

 

NetEase –

Date: October 2015

235 million user accounts were leaked in this data breach. NetEase is a provider of mailbox services through the likes of 163.com and 126.com. It was reported that the email addresses and plaintext passwords of some 235 million NetEase customer accounts were being sold by a dark web marketplace vendor known as DoubleFlag. The same vendor was also selling information taken from other Chinese giants such as Tencent’s QQ.com.

This data breach also shows that many companies still don’t use any encryption.

Dubsmash :

Date: December 2018

162 million user accounts were leaked in this data breach. In December 2018, Dubsmash, the New York-based video messaging service, had 162 million email addresses, usernames, PBKDF2 password hashes, and other personal data such as dates of birth stolen, all of which was then put up for sale on the Dream Market dark web market the following December. The information was being sold as part of a collected dump also including the likes of MyFitnessPal (more on that below), MyHeritage (92 million), ShareThis, Armor Games, and dating app CoffeeMeetsBagel.

LinkedIn :

Date: 2016

As the major social network for business professionals, LinkedIn has become an attractive place for attackers looking to conduct social engineering attacks. However, it has also fallen victim to leaking user data in the past.

In 2012 the company announced that 6.5 million unassociated passwords (unsalted SHA-1 hashes) were stolen by attackers and posted onto a Russian hacker forum. However, it wasn’t until 2016 that the full extent of the incident was revealed. The same hacker selling MySpace’s data was found to be offering the email addresses and passwords of around 165 million LinkedIn users. LinkedIn acknowledged that it had been made aware of the breach, and said it had reset the passwords of affected accounts.
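The entries above name three ways of storing passwords: plaintext (NetEase), salted and iterated PBKDF2 (Dubsmash) and unsalted SHA-1 (LinkedIn). The following added example, which is not part of the original post, shows what each format reveals once the table has leaked and how a PBKDF2 record is verified. The user names, passwords, iteration count and record layout are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune it to your own hardware
SALT_BYTES = 16

# Constructed sample accounts: alice and carol happen to pick the same password.
SAMPLE_USERS = {"alice": "Summer2020!", "bob": "tr0ub4dor&3", "carol": "Summer2020!"}


def sha1_unsalted(password):
    """Legacy scheme: one fast hash, no salt. Shown only for comparison."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password, iterations=PBKDF2_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def pbkdf2_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False   # malformed record: reject instead of raising
    return hmac.compare_digest(candidate, expected)


def build_table(users, hasher):
    """Simulate the credentials column a breach would expose."""
    return {name: hasher(password) for name, password in users.items()}


def shared_value_groups(table):
    """Return groups of users whose stored value is identical.

    Any group means the table itself reveals who shares a password, and one
    recovered password unlocks every account in that group.
    """
    by_value = defaultdict(list)
    for name, value in table.items():
        by_value[value].append(name)
    return sorted(sorted(names) for names in by_value.values() if len(names) > 1)


if __name__ == "__main__":
    for label, hasher in (("plaintext", lambda p: p),
                          ("unsalted SHA-1", sha1_unsalted),
                          ("salted PBKDF2", pbkdf2_hash)):
        table = build_table(SAMPLE_USERS, hasher)
        print(label, "-> users sharing a stored value:", shared_value_groups(table))
```

With plaintext and unsalted SHA-1 the two identical passwords produce identical stored values, while the per-user salt in the PBKDF2 records makes every stored value unique.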

 

Equifax :

Date: July 2017

147.9 million users were affected in this data breach. Between May and July 2017, hackers broke into credit reporting agency Equifax’s systems to access the data of more than 143 million users. Though Equifax later said that the number was 145 million, security experts put the number of affected users at around 147.9 million.

It is one of the most damaging data breaches in history. However, Equifax didn’t report the breach until September 2017. Hackers managed to get the data of millions of users, including names, street addresses, driver’s license numbers, birth dates, and even social security numbers. Hackers exploited a vulnerability in the open-source software Apache Struts to access its servers.

 

Facebook :

Date: September 2018

The data of 87 million users was leaked in this data breach. This happened in the Cambridge Analytica scandal, where the data-collecting firm illegally harvested users’ info without their permission. Some security researchers said that this secret operation was politically motivated. And though the breach occurred a couple of years ago, it is only this year that the conclusions of the investigation have come out, and they show that the data of 87 million users was exposed by hackers.

Data breaches are now very common. Even small companies are getting hacked. So companies should secure their IT infrastructure. They can regularly check their IT security and do a security audit. Sometimes it’s not possible to set up a cyber security team, because of the cost and the difficulty of finding skilled cyber security professionals. In that case they can use a VAPT service for IT security audits. The VAPT service, or Vulnerability Assessment and Penetration Testing service, helps to find the vulnerabilities in the system so that the company can fix them and protect itself from any type of cyber attack.


Why You Should Do Summer Training


Why should you do summer training? Summer training is a specialized training program by Indian Cyber Security Solutions. In this program, students get the opportunity to learn new skills and gain knowledge of different technologies. The program is hands-on training by industry professionals. This training is helpful for students who are currently pursuing their graduation. The summer training gives the basic idea of a topic. It also helps students understand how the technology works in an industry project.

In many colleges, summer training is mandatory. It helps students understand the technology before they get into a job. Joining summer training also helps you enhance your skills to get more opportunities in your career. Summer training also shows that students have knowledge of that particular domain and have the skill to do the work. Having a summer training certificate also helps you in the interview session.

Summer training is also helpful for professionals who are currently in a job. The summer training program has lots of topics that you can choose from. You can enhance your skills and get more opportunities in the domain you are currently working in. There are many topics to choose from, such as Ethical Hacking, CCNA, Python Programming, Java Programming, Machine Learning, Ruby Programming, and Cloud Computing. You can choose any of these summer training courses to enhance your skills.

 

 


 

 

Why Summer Training is important?

 

Competition in the employment market is growing day by day. Passing semester exams and completing academic projects is important, but summer training gives industrial exposure. Thus students should take summer training very seriously. It is essential and helps them attain in-depth knowledge of the engineering stream.

Companies check the skill and knowledge of a student when they hire. So getting the right skills is very important. Summer training helps students acquire the right skills to get more career opportunities.

 

 

What are the features of summer training?

 

  • You will get in-depth technical knowledge of the topic.
  • Enhance professional skills in a real-time environment.
  • Understand the topic and how it is used.
  • Learn the basics of how to work as a team member to complete given tasks.
  • Improve awareness of the industrial environment and work culture of the specific industry.
  • Industry professionals help to solve queries with practical exposure.
  • Get a certificate after the completion of the training.

So if you want to enhance your skills or learn a new skill, you can join the summer training. The summer training is basically a month-long program. You will learn new tools and techniques on the topic you enroll in. The training will be conducted by industry professionals. You will get a certificate after completion of the training.

 


Zoom Video Conferencing App is vulnerable to cyber attacks

Category : Blog

The famous Zoom meeting app is now vulnerable to cyber attacks. Installing it on your system or using it makes your system vulnerable. In recent times the use of video conferencing apps has increased due to work from home. Many companies and institutes use video conferencing apps to interact with people.

Zoom is one of the best-performing video conferencing apps, and many people use it for video conferencing. This spotlight has also revealed the security and privacy issues of the Zoom app. The main security concern arose when researchers learned that many Zoom accounts had already been hacked. Many recorded meeting videos were uploaded to YouTube and Vimeo. Some of these videos contain personally identifiable information as well as intimate conversations.

Zoom offers hosts an option to record and save the meeting; meetings are not recorded by default. The issue was reported to Zoom by the publishing house and the company is looking into the matter. The privacy issue arises from its encryption method and from an option that adds people to a user’s list of contacts if they sign up with an email address that shares the same domain.

These two reasons are responsible for the privacy leak of the Zoom app.

 


 

Zoom App Encryption Technique :

 

Zoom meetings are not end-to-end encrypted, despite what is mentioned on their website. The app uses regular TLS encryption, the same encryption web browsers use to secure HTTPS websites.

End-to-end encryption means that no one other than the two people communicating can read the content they share through an app. The recent privacy leak of the Zoom app called its security into question. Zoom’s spokesperson told The Intercept, “It is not possible to enable E2E encryption for Zoom video meetings.” Zoom also denied misleading users, claiming that E2E, for them, is “in reference to the connection being encrypted from Zoom endpoint to Zoom endpoint.” According to a report by The Intercept, Zoom was found to issue encryption keys from servers located in China even when all the meeting participants are from America.

Researchers from the University of Toronto also found that the servers issuing encryption keys to users are located in China. The researchers ran a test to track how Zoom generates the encryption key. They found that the shared meeting encryption key during a meeting was sent to one of the participants over TLS from a Zoom server apparently located in Beijing.

This raises a security concern, because under the law Zoom would be liable to share the keys with the Chinese government if required.

 

The leakage of user data to strangers:

Zoom also leaked many email addresses and photos of its users. For this reason Zoom users could get video calls from strangers. This happens due to an option offered by Zoom that is known as Company Directory. The option adds people to a user’s list of contacts if they sign up with an email address that shares the same domain.

The feature was introduced to help colleagues find people from the same company. But in a recent report, researchers found that the details of people who signed up using their private email IDs were also shared by the Zoom app. Security researchers have found one more security issue: the shady installation of the Zoom app.

Felix, a malware tracker at VMRay, discovered that the Zoom macOS installer evades Apple security mechanisms to get root privileges. The Zoom installer uses a preinstallation script and a misleading prompt to get root privileges. The app also makes Windows vulnerable. A security report shows that a flaw in the Windows client can let hackers steal the Windows credentials of users.

So it is advised not to use the Zoom app. Security researchers and security companies have already reported this loophole. They also told users to uninstall the app because of the privacy concern. You can check the other alternatives to the Zoom app.

 


COVID-19 Impact | Job losses and Unemployment in IT sectors

Category : Blog

 

If you are not worried about your immediate survival in the current national lockdown, then your next worry is how it impacts your employer and your future. Like most professionals, your job is and will remain your primary source of income for most of your life, and this unprecedented crisis appears to be a major threat in the short to medium term. Let us go through some important facts about this outbreak and its impact on the IT sector.

Shreeram M*, a techie working for a small IT firm in Pune, was forced to resign along with six others in March. A fortnight later, in another ITeS-BPO firm, Fareportal, more than 300 employees were laid off. This may just be the beginning, as HR experts and industry players see around 1.5 lakh employees in India’s IT industry losing their jobs over the next three to six months.

As per the news, Spain has shed jobs at a record pace since it went into lockdown to fight the coronavirus, social security data showed on Thursday, laying bare the scale of the epidemic’s impact in the euro zone’s fourth-largest economy. Some 900,000 workers have lost their jobs since mid-March, with those on short-term contracts in tourism or construction among the hardest hit. At least another 620,000 have seen their contracts suspended with temporary layoffs, and tens of thousands are on sick leave. Jobless numbers for March, also published on Thursday, showed Spain registered its highest monthly increase ever, with a 9.3% jump from the previous month bringing the total number of unemployed people to around 3.5 million.

Immediate actions

As the lockdown proceeds, you will increasingly feel disconnected and irrelevant, blunting your professional edge and reducing your employability. Thus, your most urgent requirement is to stay busy and connected with work. Establish and follow a proactive routine to manage time optimally and get the results you seek. Work diligently and don’t miss the daily team call routine. Volunteer for additional tasks and deliver within deadlines. Next, check out online training programs offered or assigned by your firm and set aside an hour daily to complete them. You will learn new things and keep your brain engaged and sharp. Then formulate and lead online training sessions on different skill sets for your junior team members. Finally, create and execute weekly projects from team goals that were put on the back burner earlier.

 

How to enhance your skills?

Learn Cloud Computing:

Cloud computing refers to computing services, including servers, storage, databases, networking, software, analytics, intelligence and others, delivered over the Internet (“the cloud”). What does it do? It offers faster innovation, flexible resources, and economies of scale. Cloud computing offers a “pay per use” model that lets businesses pay only for the services they use, helping them lower operating costs, run their infrastructure more efficiently and scale as their business needs change.

Learn Python Programming Language:

According to the latest TIOBE Programming Community Index, Python is one of the top 10 popular programming languages of 2020. Python is a general-purpose and high-level programming language. You can use Python for developing desktop GUI applications, websites, and web applications. Also, Python, as a high-level programming language, allows you to focus on the core functionality of the application by taking care of common programming tasks. The simple syntax rules of the programming language further make it easier for you to keep the code base readable and application maintainable.

 

Learn Networking:

Experts agree that the most connected people are often the most successful. When you invest in your relationships — professional and personal — it can pay you back in dividends throughout the course of your career. Networking will help you develop and improve your skill set, stay on top of the latest trends in your industry, keep a pulse on the job market, meet prospective mentors, partners, and clients, and gain access to the necessary resources that will foster your career development.

Learn Cyber Security :

 

Cybersecurity is important because it encompasses everything that pertains to protecting our personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries.

 

Because of the massive increase in hacks and hacking attempts, cybersecurity has become an unavoidable topic of discussion in the past several years. Events that occur in the cybersecurity industry can and often do have global consequences and the possibility of catastrophic results.

 

Learn Machine Learning:

The machine learning field is continuously evolving. And along with evolution comes a rise in demand and importance. There is one crucial reason why data scientists need machine learning, and that is: ‘High-value predictions that can guide better decisions and smart actions in real-time without human intervention.’

Machine learning as technology helps analyze large chunks of data, easing the tasks of data scientists in an automated process and is gaining a lot of prominence and recognition. Machine learning has changed the way data extraction and interpretation works by involving automatic sets of generic methods that have replaced traditional statistical techniques.

 

Conclusion:

These are some of the most in-demand skills in the IT industry. Gaining new skills will help you get more opportunities in your career. It will also help you survive in a crisis situation, where people lose their jobs and unemployment rises in the IT sector. To conclude, we suggest using this lockdown period to enhance your skills through these online live classes.

Cyber Security, Machine Learning, Networking, Cloud Computing, and Python programming are the most in-demand skills employers are looking for. In today’s world cyber security is a big concern. Machine learning helps companies enhance their products and services. Python is the most popular language because it is easy to use with any technology. In this connected world, network engineers play a very important role, and companies hire them to maintain their network infrastructure. Many companies have now shifted their web apps and services to the cloud because of the features it offers.

So learning any of these skills will help to enhance your current skills and also help you get more opportunities in your career.

 

